Microsoft System Center Endpoint Protection is a malware, spyware, antivirus and endpoint protection application available formerly with System Center Configuration Manager (SCCM), which later became Microsoft Endpoint Manager. It is a legacy product, with older versions reaching end of support, and is not available as a standalone product.
N/A
SentinelOne Singularity
Score 9.1 out of 10
N/A
SentinelOne is endpoint security software, from the company of the same name with offices in North America and Israel, presenting a combined antivirus and EDR solution.
It is well suited in environments that want a simple AV product/solution that, for the most part, can be easily deployed to client endpoints. It is also good for environments that want something that is easy to use by end-users, and also doesn't use a whole lot of system resources. It is less suited for environments that want an AV solution that is more robust feature-wise, or has more configurable options for the end-users. It is also less suited for those organizations that want an AV product to have the highest detection rate in the industry.
I'm not sure about pricing but I have heard from larger companies that it was not very accessible because of their size. We are a small company and we also utilize a SIEM which helped offset costs right off the bat. I think it makes 100% sense for IT departments that don't have enough staff to monitor their environment in depth.
Microsoft System Center Endpoint Protection offers exceptional threat protections for signature-based "known" threats.
The signatures are constantly updated and management of this application is super easy with the use of Microsoft SCCM.
The application is very much a "set it and let it" type of deployment. Once you install it, there are very little configuration or changes that need to be made.
The product could improve in the area of having better mechanisms in place with how the SCEP client is deployed/installed from the server on the management side. We have run into this firsthand with the client not installing on an endpoint, and then having to take the time to investigate why it was not installing.
A second improvement that can be made is to keep trying to improve the products detection rate for finding malware/viruses. The case can be made that there are some products out there that do a better job at this and have a higher detection rate.
Compared to all the other major players, SentinelOne is truly hands off. One installed, the tool is able to manage all the major threats on my endpoints without intervention. The biggest thing the IT Dept has to do now is just clear the incidents after SentinelOne has dealt with them. Every other tool I have used requires significantly more effort to maintain.
There was a time and a place in which Microsoft System Center Endpoint Protection was an excellent choice to provide threat protections. However, now that threats have been evolving, so too does the need for more advanced protections. In its current offering, it just no longer meets the needs of our organization in terms of providing protections against threats.
Their support is good and quick to respond. The one issue we faced was when a non-protection issue arose there was a lot of dancing around trying to figure things out. This was frustrating as it took significantly longer to figure out issues. Lots of repetitive log gathers, screen caps, uninstalls that never seemed to resolve issues. Eventually, the product would be updated and the issue seemed to be resolved, but seemed to be the only solution.
How SCEP stacks up against some of the other AV solutions/products is that it does a pretty good job overall (not the best in the industry) at detecting/removing malware, which is the main focus for a product like this. It is also easy to use on the end-user side, which can't be said for some other AV products on the market. I was not involved with the selection/purchase of the product in the organization, but I'm almost certain the organization selected this based on the tight integration with Microsoft System Center Manager, which is used in the organization. Also, given the fact that SCEP is tightly integrated and works well in organizations that utilize Microsoft products, it was probably another factor in selecting this. Lastly, the cost of licenses was probably lower (because of System Center already being in place) than other AV products.
Webroot is a great product but did not provide the versatility that we really were desiring. It allowed to us to centrally manage, but required policy-based management, and not the endpoint detail we wanted. SentinelOne's central management provides a variety of options for us to deploy and manage.
There was little/no cost associated with this software since we are utilizing SCCM and are paying license costs for that anyways.
The level or protection is excellent for the cost of the software.
There was at least one instance in which Microsoft System Center Endpoint Protection identified a crypto-malware, but not before it had already started to encrypt many of our files. So it did detect the threat, but since it was a little delayed we still were infected.
SentinelOne has already proved its value by stopping attacks that would have gone otherwise unnoticed until much later in their infection process.
The Vigilance team has provided quick response to threats that were not easily contained via the automated response SentinelOne's agents provide. This has given us a significant piece of mind.
